XsltSettings Class

 

Specifies the XSLT features to support during execution of the XSLT style sheet.

Namespace:   System.Xml.Xsl
Assembly:  System.Xml (in System.Xml.dll)

System.Object
  System.Xml.Xsl.XsltSettings

public sealed class XsltSettings

NameDescription
System_CAPS_pubmethodXsltSettings()

Initializes a new instance of the XsltSettings class with default settings.

System_CAPS_pubmethodXsltSettings(Boolean, Boolean)

Initializes a new instance of the XsltSettings class with the specified settings.

NameDescription
System_CAPS_pubpropertySystem_CAPS_staticDefault

Gets an XsltSettings object with default settings. Support for the XSLT document() function and embedded script blocks is disabled.

System_CAPS_pubpropertyEnableDocumentFunction

Gets or sets a value indicating whether to enable support for the XSLT document() function.

System_CAPS_pubpropertyEnableScript

Gets or sets a value indicating whether to enable support for embedded script blocks.

System_CAPS_pubpropertySystem_CAPS_staticTrustedXslt

Gets an XsltSettings object that enables support for the XSLT document() function and embedded script blocks.

NameDescription
System_CAPS_pubmethodEquals(Object)

Determines whether the specified object is equal to the current object.(Inherited from Object.)

System_CAPS_pubmethodGetHashCode()

Serves as the default hash function. (Inherited from Object.)

System_CAPS_pubmethodGetType()

Gets the Type of the current instance.(Inherited from Object.)

System_CAPS_pubmethodToString()

Returns a string that represents the current object.(Inherited from Object.)

Embedded script blocks and the XSLT document() function are optional features on the XslCompiledTransform class. These features are disabled by default. The XsltSettings class specifies which of these optional features to support. Features are enabled or disabled using the class properties. The XsltSettings object is then passed to the XslCompiledTransform.Load method.

System_CAPS_security Security Note

XSLT style sheets can include references to other files and embedded script blocks. A malicious user can exploit this by supplying you with data or style sheets that when executed can cause your system to process until the computer runs low on resources. Do not enable scripting or the document() function unless the style sheet comes from a trusted source. If you cannot verify the source of the style sheet, or if the style sheet does not come from a trusted source, use the default XSLT settings.

The following example loads a style sheet and enables XSLT script support.

// Create the XsltSettings object with script enabled.
XsltSettings settings = new XsltSettings(false,true);

// Create the XslCompiledTransform object and load the style sheet.
XslCompiledTransform xslt = new XslCompiledTransform();
xslt.Load("sort.xsl", settings, new XmlUrlResolver());

.NET Framework
Available since 2.0

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top
Show: